»Client Isolation« (and probably an additional ebtables rule for the internal bridge) in the EAP could achieve isolation in wireless networks (situations 1. and 2.). Switch ACLs or firewall rules covering L2 traffic could achieve isolation in the wired network (situations 3. Pretty complex IMO, so see possible solution #2 below.

Now, the »Guest Network« setting of Omada Controller tries to achieve isolation by implicitly setting »Client Isolation« in the WiFi chip and by defining (invisible!) ACLs in the EAP blocking RFC1918 IPs. At best, this is kind of a »poor man's guest network«, which has no true isolation: non-IP traffic still can pass. I did prove this in the HowTo linked in my previous reply.

IMO, the right way to achieve true isolation inside a guest network and between a guest network and the LAN is using a »Client Isolation« setting and VLANs. Client isolation covers bridging inside the EAP's radio and a VLAN covers the wired networks (LAN, GUEST) including the associated wireless networks (SSID for the LAN and SSID for the GUEST network) when using VLAN-mapped Multi-SSIDs.

A »single click plug'n'play guest network« was demanded by home users in the past, b/c VLANs are not common in home networks.
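
The coverage gap described above, as an added example that is not part of the original post: a Python model that evaluates an IP-only RFC1918 ACL and VLAN separation against two constructed frames. The ACL behaviour, the VLAN IDs 20 and 10, the MAC addresses and the experimental EtherType 0x88B5 are assumptions for illustration, not Omada's actual rules.

```python
import ipaddress
import struct

# Model only: the real Omada ACL is not visible; this assumes it matches IPv4
# destinations in RFC 1918 space and nothing else. VLAN IDs are constructed.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ETH_IPV4, ETH_VLAN, ETH_EXPERIMENTAL = 0x0800, 0x8100, 0x88B5
GUEST_VLAN, LAN_VLAN = 20, 10

def parse_frame(frame):
    """Return (vlan_id or None, ethertype, payload) of an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == ETH_VLAN:  # 802.1Q: 2-byte TCI, then the inner EtherType
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    return vlan, ethertype, frame[offset:]

def ip_acl_blocks(frame):
    """IP-only ACL: drops IPv4 packets whose destination is RFC 1918."""
    _, ethertype, payload = parse_frame(frame)
    if ethertype != ETH_IPV4 or len(payload) < 20:
        return False  # nothing here for an IPv4 rule to match on
    dst = ipaddress.ip_address(payload[16:20])
    return any(dst in net for net in RFC1918)

def vlan_blocks(frame, port_vlan):
    """VLAN separation: a port forwards only frames tagged with its VLAN."""
    return parse_frame(frame)[0] != port_vlan

def build(ethertype, payload, vlan):
    """Constructed sample frame with placeholder MAC addresses."""
    macs = bytes.fromhex("02000000000a") + bytes.fromhex("02000000000b")
    return macs + struct.pack("!HHH", ETH_VLAN, vlan, ethertype) + payload

IP_FRAME = build(ETH_IPV4, struct.pack(
    "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
    ipaddress.ip_address("192.168.20.5").packed,
    ipaddress.ip_address("192.168.1.10").packed), GUEST_VLAN)
NON_IP_FRAME = build(ETH_EXPERIMENTAL, bytes(46), GUEST_VLAN)

if __name__ == "__main__":
    for name, f in (("IPv4 to LAN", IP_FRAME), ("non-IP", NON_IP_FRAME)):
        print(name, "| IP ACL blocks:", ip_acl_blocks(f),
              "| VLAN blocks on LAN port:", vlan_blocks(f, LAN_VLAN))
```

In this model the IP-only rule never matches the non-IP frame, while the VLAN check keeps both frames off the LAN port regardless of EtherType.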